AutoLocky Ransomware

AutoLocky is ransomware written in the popular AutoIt scripting language. It uses the RSA and AES ciphers to encrypt files on an infected system and marks each encrypted file by appending a .locky extension to its name. It also drops a ransom note, named info.txt or info.html, that demands payment in exchange for decrypting the files.

What Is AutoLocky Ransomware?

AutoLocky appeared in 2016 and impersonates the far more dangerous Locky ransomware. It borrows Locky's name for the file extension (.locky) it appends to encrypted files so that the infection looks more serious than it is; unlike Locky, however, it does not replace the original file name, so report.docx simply becomes report.docx.locky. Although it mimics most of Locky's behavior, it is a less capable imitation: Locky is written in C++, whereas AutoLocky is a compiled AutoIt script.

AutoLocky targets Windows users and exists purely to make money for its operators, typically demanding 0.75 BTC (approximately $325 at the time) to decrypt the files. The executable also uses the Adobe PDF icon, so the dropper looks like a harmless document and victims are more easily tricked into running it.

How Does the Attack Work?

AutoLocky is distributed mainly through spam email carrying attachments disguised as Microsoft Word, Excel, or PDF documents. When the user opens the attachment, the AutoLocky executable is launched and runs as an ordinary process, which is why it can be seen in Windows Task Manager.

Once running, AutoLocky scans the system for data files and encrypts them using a combination of RSA-2048 and AES-128, appending .locky to each encrypted file. When encryption finishes, it writes a ransom note named info.html or info.txt to the victim's desktop demanding payment in Bitcoin (BTC).


How Can Victims Respond to AutoLocky Attacks?

Once an AutoLocky infection is discovered, the victim should open Task Manager, locate the AutoLocky executable, and end its process so that no further files are encrypted. Next, remove the startup entry the malware created so it does not run again at the next logon. Only then should the free AutoLocky decrypter (released by Emsisoft shortly after the malware appeared) be downloaded and run to recover the encrypted files.

Unlike Locky and most other ransomware, AutoLocky does not delete Volume Shadow Copies. If System Protection was enabled on the affected volumes, victims can therefore also restore previous versions of their files from the shadow copies, using Windows' own Previous Versions feature or a shadow-copy restoration tool.
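As an added example (not code from the original article or from any published analysis of the malware), the following Python script performs the first-response triage described in the two paragraphs above on a constructed sample directory: it separates encrypted files that kept their original base name (AutoLocky's behavior) from the 32-hex-character names the real Locky produces, collects the info.txt / info.html ransom notes, and flags executables that carry the AU3!EA06 marker found in binaries compiled from AutoIt v3 scripts. The sample files, the rule that a 32-hex-character name indicates Locky, and the marker check are assumptions made for this demonstration; the script only reads files and never modifies anything.

```python
import os
import re
import tempfile
from dataclasses import dataclass, field

# Marker embedded in executables compiled from AutoIt v3 scripts
# (assumption for this example: the standard "AU3!EA06" resource tag).
AUTOIT_MARKER = b"AU3!EA06"

# Ransom-note names the article attributes to AutoLocky.
RANSOM_NOTES = {"info.txt", "info.html"}

# The real Locky replaced the whole file name with 32 hex characters before
# adding .locky; AutoLocky keeps the original base name. Assumption: this
# pattern is a good enough proxy for Locky-style renaming.
LOCKY_STYLE_NAME = re.compile(r"^[0-9A-Fa-f]{32}\.locky$")


@dataclass
class Triage:
    autolocky_style: list = field(default_factory=list)  # base name kept
    locky_style: list = field(default_factory=list)      # base name replaced
    ransom_notes: list = field(default_factory=list)
    autoit_binaries: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        """Which family the artifacts point to; a hint for choosing a decrypter."""
        if self.locky_style:
            return "locky"
        if self.autolocky_style:
            return "autolocky"
        return "clean"


def looks_like_autoit_binary(data: bytes) -> bool:
    """True if the bytes carry the AutoIt compiled-script marker."""
    return AUTOIT_MARKER in data


def triage_directory(root: str) -> Triage:
    """Walk `root` read-only and classify the artifacts the article describes."""
    result = Triage()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in RANSOM_NOTES:
                result.ransom_notes.append(path)
            elif lower.endswith(".locky"):
                if LOCKY_STYLE_NAME.match(name):
                    result.locky_style.append(path)
                else:
                    result.autolocky_style.append(path)
            elif lower.endswith(".exe"):
                with open(path, "rb") as fh:
                    if looks_like_autoit_binary(fh.read()):
                        result.autoit_binaries.append(path)
    return result


def build_sample_victim_dir() -> str:
    """Constructed sample data: a fake 'infected' folder, not a real capture."""
    root = tempfile.mkdtemp(prefix="autolocky_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    # AutoLocky keeps 'report.docx' and merely appends .locky
    with open(os.path.join(docs, "report.docx.locky"), "wb") as fh:
        fh.write(os.urandom(64))
    with open(os.path.join(docs, "budget.xlsx.locky"), "wb") as fh:
        fh.write(os.urandom(64))
    with open(os.path.join(docs, "info.txt"), "w") as fh:
        fh.write("Your files are encrypted. Pay 0.75 BTC.\n")
    with open(os.path.join(docs, "untouched.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4\n")
    # Fake dropper: an executable with a document-style name that carries the
    # AutoIt marker (only the marker is real; the rest is filler bytes).
    with open(os.path.join(root, "invoice.pdf.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 32 + AUTOIT_MARKER + b"\x00" * 32)
    return root


if __name__ == "__main__":
    sample = build_sample_victim_dir()
    t = triage_directory(sample)
    print("verdict:", t.verdict)
    print("encrypted files (base name kept):", len(t.autolocky_style))
    print("ransom notes:", t.ransom_notes)
    print("AutoIt-compiled executables:", t.autoit_binaries)
```

Run it against a copy of the affected volume or a directory tree you control. The verdict is only a triage hint about which decrypter to try, and the list of AutoIt-compiled executables gives you the process name to end in Task Manager and the file to look for among the startup entries.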

What Specific Steps Should Users Take to Prevent AutoLocky Attacks?

Defending against AutoLocky-like attacks requires users to follow a few key security best practices:

1. Back up Data Frequently

Backups do not prevent a ransomware infection, but they are the most reliable way to recover from one without paying. Keep at least one copy of all important data offline or otherwise disconnected from the network, so that the malware, and the attackers behind it, cannot reach and encrypt the backups as well.

2. Apply Multi-Factor Authentication

Multi-factor authentication (MFA) requires at least two independent factors: something the user knows, such as a password; something they have, such as a hardware token or key card; or something they are, such as a fingerprint. MFA does not stop a user from opening a malicious attachment, but it limits what an attacker can do with stolen credentials and helps prevent unauthorized access to important files and backups.

3. Enable Spam Filters

Use strong spam and attachment filtering to block executable attachments, including executables disguised with a document icon or a double extension such as invoice.pdf.exe, and to quarantine Office documents that carry macros. If the malicious attachment never reaches the inbox, the user cannot open it.


Siji Roy
Siji Roy specializes in technology, finance, and content marketing. She helps organizations to communicate with their target audience. She received her Master’s degree in Communication and Journalism from the University of Calicut, India. She is fortunate to be married to a lovely person and blessed with three naughty boys.
